DevSecOps Engineer
Function
We're looking for a highly skilled DevSecOps Consultant to embed security into every phase of the software development lifecycle for our client. If you’re passionate about securing modern applications, cloud environments, and CI/CD pipelines—and you're excited by the idea of working across development, DevOps, and security—this role offers the perfect blend of challenge and impact.
Your Role & Responsibilities
You’ll play a key role in integrating cybersecurity into agile and automated development environments. Your daily missions will include:
- Embedding security practices across the SDLC, from design through to production, using automated controls and team training.
- Conducting code reviews, security audits, and penetration testing on applications, networks, cloud platforms, and containers to identify and document vulnerabilities.
- Implementing and managing CI/CD pipelines that integrate automated security tools (e.g., SAST, DAST, vulnerability scanners).
- Designing and applying security policies, secure development guidelines, and compliance frameworks (e.g., GDPR, ISO 27001).
- Automating and executing penetration test scenarios to assess real-world resilience.
- Supporting development, DevOps, and operations teams through training and awareness on vulnerability detection and remediation.
- Drafting detailed reports on attack simulations, vulnerability impact, and remediation plans.
- Performing internal and external penetration testing campaigns ethically and in line with current regulations.
- Ensuring all testing traces are safely cleaned and alerting relevant teams of any critical security breach.
Technical Skills & Environment
You’ll operate in a complex, cloud-native and containerized landscape. Strong knowledge in the following areas is essential:
- Development with technologies like .NET, Blazor, NodeJS.
- Proficiency in DevOps and automation tools: Git, GitLab CI, Jenkins, Ansible, Terraform, Docker, Kubernetes.
- Scripting in Python, Bash, PowerShell for automated security testing and deployment.
- Deep knowledge of security testing tools: Burp Suite, OWASP ZAP, Metasploit, Nessus, Nmap.
- Strong grasp of application security principles (OWASP Top 10, encryption, authentication, access control, vulnerability management).
- Experience with cloud environments (AWS, Azure, GCP) and securing virtualized or containerized systems.
- Network protocols, OS-level security (Linux, Windows), and security standards expertise.
- Ability to perform advanced risk analysis and leverage open-source intelligence (OSINT).
The Ideal Candidate
You’ll thrive in this role if you bring a mix of technical expertise, autonomy, and collaborative spirit. Our client is looking for someone who:
- Has at least 3–5 years of experience in application security, DevOps, or software testing.
- Demonstrates rigorous attention to detail and prioritizes confidentiality and compliance.
- Is proactive, adaptable under pressure, and driven by problem-solving and innovation.
- Communicates clearly with both technical and non-technical teams; able to educate others on security best practices.
- Is self-motivated, curious, and keeps up with the latest threats and tools in cybersecurity.
- Holds (or is working toward) certifications like OSCP, CEH, CISSP, Azure Security, or DevSecOps Foundation.